Correlation

The CNAM Security Suite's correlation engine bridges multiple data sources and processes information across multiple levels in the enterprise network hierarchy. The correlation engine used by CNAM is extremely modular and enables an organisation to detect attacks as well as fraud in real-time. CNAM provides highly sophisticated correlation utilising a team of expert service providers and partners who manage complex correlation algorithms and provide continuous support to raise the standard of the organization's security.

CSIEM's correlation engine provides the much-needed power to cross-correlate raw logs with pre-processed information. This allows an organisation to correlate information about detected attackers, as well as information obtained from open source security feeds, with real-time network-level activity, and to apply freely available information to the network as it happens.

Correlation in RSEM is done at the following levels:

Multi level correlation module

Logs obtained from multiple NAGs, multiple IDS/IPS, firewalls, and other assets and devices that give information about multiple nodes of the organization are collected in the log collectors where RSEM is deployed. RSEM correlates these logs, which come from different devices and reside in a single log collector or in several, with the information available in the CNAM engine and with the global security intelligence feeds that the CNAM engine provides, and identifies any and all attack patterns to secure the organization's network.

Multi site correlation module

The multi site correlation feature enables an organization to collaborate and correlate the logs from the multiple sites where it operates, and thus ensures congruence and intelligence sharing among those sites. An attack detected at one site is therefore automatically prevented at the organization's other sites. RSEM correlates logs from different sites with the information available in the CSIEM engine and with the global security intelligence feeds that the CSIEM engine provides, and identifies any and all attack patterns to secure the organization's network.

Multi group correlation module

RSEM also supports correlation between groups of organizations, which in turn is constituted of multi level and multi site correlation. It collaborates and correlates logs from multiple organizations with the information available in the CNAM engine and with the global security intelligence feeds that the CSIEM engine provides, and identifies any and all attack patterns to secure the organization's network.

Besides the existing levels of correlation, RSEM also performs multi CNAM correlation, which enables organisations to prevent information sharing with other organisations while still facilitating utilisation of all the information from them. Netmonastery provides independent CNAM engines for such organisations.
